SOA-C02 dumps
5 Star


Customer Rating & Feedbacks
98%


Exactly Questions Came From Dumps

Amazon SOA-C02 Question Answers

AWS Certified SysOps Administrator - Associate (SOA-C02) Dumps July 2026

discount banner
PDF + Test Engine $139  $97
Test Engine
$119  $83
PDF $99  $69

Here are Amazon SOA-C02 PDF available features:

556 questions with answers Updation Date : 16 Jul, 2026
1 day study required to pass exam 100% Passing Assurance
100% Money Back Guarantee Free 3 Months Updates
Amazon SOA-C02 Sample Questions

Question # 41

A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must encrypt the credentials and must support automatic rotation. Which solution will meet these requirements?

A. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference. 
B. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference. 
C. Create an AWS::SSM::Parameter resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference. 
D. Create parameters for the database credentials in the CloudFormation template. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource. 


Question # 42

A company stores critical data m Amazon S3 buckets. A SysOps administrator must build a solution to record all S3 API activity. Which action will meet this requirement? 

A. Configure S3 bucket metrics to record object access logs
 B. Create an AWS CloudTrail trail to log data events tor all S3 objects 
C. Enable S3 server access logging for each S3 bucket 
D. Use AWS IAM Access Analyzer for Amazon S3 to store object access logs. 


Question # 43

A company with multiple AWS accounts needs to obtain recommendations for AWS Lambda functions and identify optimal resource configurations for each Lambda function. How should a SysOps administrator provide these recommendations?

A. Create an AWS Serverless Application Repository and export the Lambda function recommendations. 
B. Enable AWS Compute Optimizer and export the Lambda function recommendations 
C. Enable all features of AWS Organization and export the recommendations from AWS CloudTrail Insights. 
D. Run AWS Trusted Advisor and export the Lambda function recommendations 


Question # 44

A company's SysOps administrator needs to change the AWS Support plan for one of the company's AWS accounts. The account has multi-factor authentication (MFA) activated, and the MFA device is lost. What should the SysOps administrator do to sign in? 

A. Sign in as a root user by using email and phone verification. Set up a new MFA device. Change the root user password. 
B. Sign in as an 1AM user with administrator permissions. Resynchronize the MFA token by using the 1AM console. 
C. Sign in as an 1AM user with administrator permissions. Reset the MFA device for the root user by adding a new device. 
D. Use the forgot-password process to verify the email address. Set up a new password and MFA device. 


Question # 45

A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. A SysOpe administrator notices that some of these EC2 instances show up as heathy in the Auto Scaling g-out but show up as unhealthy in the ALB target group. What is a possible reason for this issue? 

A. Security groups ate rot allowing traffic between the ALB and the failing EC2 instances 
B. The Auto Seating group health check is configured for EC2 status checks 
C. The EC2 instances are failing to launch and failing EC2 status checks. 
D. The target group health check is configured with an incorrect port or path 


Question # 46

A company uses Amazon S3 to aggregate raw video footage from various media teams across the US. The company recently expanded into new geographies in Europe and Australia. The technical teams located in Europe and Australia reported delays when uploading large video tiles into the destination S3 bucket m toe United States. What are the MOST cost-effective ways to increase upload speeds into the S3 bucket? (Select TWO.) 

A. Create multiple AWS Direct Connect connections between AWS and branch offices in Europe and Australia tor He uploads into the destination S3 bucket 
B. Create multiple AWS Site-to-Site VPN connections between AWS and branch offices in Europe and Australia for file uploads into the destination S3 bucket. 
C. Use Amazon S3 Transfer Acceleration for file uploads into the destination S3 bucket. 
D. Use AWS Global Accelerator for file uploads into the destination S3 bucket from the branch offices in Europe and Australia. 
E. Use multipart uploads for file uploads into the destination S3 bucket from the branch offices in Europe and Australia. 


Question # 47

A company uses an Amazon S3 bucket to store data files. The S3 bucket contains hundreds of objects. The company needs to replace a tag on all the objects in the S3 bucket with another tag. What is the MOST operationally efficient way to meet this requirement? 

A. Use S3 Batch Operations. Specify the operation to replace all object tags. 
B. Use the AWS CLI to get the tags for each object. Save the tags in a list. Use S3 Batch Operations. Specify the operation to delete all object tags. Use the AWS CLI and the list to retag the objects. 
C. Use the AWS CLI to get the tags for each object. Save the tags in a list. Use the AWS CLI and the list to remove the object tags. Use the AWS CLI and the list to retag the objects.
 D. Use the AWS CLI to copy the objects to another S3 bucket. Add the new tag to the copied objects. Delete the original objects. 


Question # 48

A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but the EC2 instances must be able to access the internet. The company creates a dual-stack VPC and IPv6-only subnets. How should a SysOps administrator configure the VPC to meet these requirements?

A. Create and attach a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.
 B. Create and attach an internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway. Attach the custom route table to the IPv6-only subnets. 
C. Create and attach an egress-only internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway. Attach the custom route table to the IPv6-only subnets. 
D. Create and attach an internet gateway and a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets. 


Question # 49

A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account. What should a SysOps administrator do to meet this requirement? 

A. Turn on S3 Block Public Access from the account level. 
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private. 
C. Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found. 
D. Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private. 


Question # 50

A SysOps administrator configuring AWS Client VPN to connect use's on a corporate network to AWS resources mat are running in a VPC According to compliance requirements, only traffic that is destined for the VPC can travel across the VPN tunnel. How should the SysOps administrator configure Client VPN to meet these requirements?

 A. Associate the Client VPN endpoint with a private subnet that has an internet route through a NAT gateway. 
B. On the Client VPN endpoint, turns on the split-tunnel option. 
C. On the Client VPN endpoint, specify DNS server IP addresses
 D. Select a private certificate to use as the identity certificate tor the VPN client. 


123456789101112131415161718

Download All 556 Questions Check Customers Feedbacks